[SANS ISC] Malicious Python Code and LittleSnitch Detection

I published the following diary on isc.sans.edu: “Malicious Python Code and LittleSnitch Detection”: We all run plenty of security tools on our endpoints. Their goal is to protect us by preventing infection (or trying to prevent it). But all those security tools are present on our devices like normal applications

The post [SANS ISC] Malicious Python Code and LittleSnitch Detection appeared first on /dev/random.


[SANS ISC] Sandbox Evasion Using NTP

I published the following diary on isc.sans.edu: “Sandbox Evasion Using NTP”: I’m still hunting for interesting (read: “malicious”) Python samples. By reading my previous diaries, you know that I like to find how attackers implement obfuscation and evasion techniques. Like yesterday, I found a Python sample that creates a thread



Trickbot Malware Using Screen Resolution Checks as Anti-VM Tactic

Security researchers spotted Trickbot malware checking the screen resolution as a means of evading analysis on a virtual machine (VM). Digital security firm MalwareLab came across a sample of the trojan that checked to see whether a computer’s sc…
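The two host checks described in the LittleSnitch item and the Trickbot item above (look for a security tool among the running processes; treat a low or default-looking screen resolution as a sign of an analysis VM) implemented side by side in Python, as an added example that is not code from the ISC diary, the Trickbot sample or the /dev/random post. The process-name fragments, the list of "suspicious" resolutions and the pixel threshold are assumptions of this example, not values taken from either sample; the decision functions take their input as arguments so the block runs offline, and the live collectors at the end are only used when the file is run directly.

```python
"""Analysis-environment checks: security tools by process name, and a
screen-resolution test for an unattended analysis VM.

Added example; not the ISC diary's or the Trickbot sample's code. The tool
name fragments, resolutions and threshold below are assumptions.
"""
import platform
import subprocess
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed (case-insensitive) process-name fragments for a few endpoint tools.
# "little snitch" matches the Little Snitch daemon/agent names on macOS.
SECURITY_TOOL_MARKERS = {
    "little snitch": "Little Snitch (macOS firewall)",
    "wireshark": "Wireshark",
    "procmon": "Process Monitor",
    "x64dbg": "x64dbg",
}

# Assumed console defaults that an analysis VM is often left at. These are
# illustrative, not the exact values the Trickbot sample compares against.
LOW_RESOLUTIONS = {(640, 480), (800, 600), (1024, 768)}
MIN_DESKTOP_PIXELS = 1280 * 720      # anything smaller is treated as a VM console


@dataclass
class EnvironmentVerdict:
    tools_found: List[str] = field(default_factory=list)
    resolution: Optional[Tuple[int, int]] = None
    resolution_suspicious: bool = False

    @property
    def looks_like_analysis_box(self) -> bool:
        return bool(self.tools_found) or self.resolution_suspicious


def find_security_tools(process_names) -> List[str]:
    """Return the labels of monitored tools whose name fragment appears in process_names."""
    found: List[str] = []
    for name in process_names:
        lowered = name.lower()
        for marker, label in SECURITY_TOOL_MARKERS.items():
            if marker in lowered and label not in found:
                found.append(label)
    return found


def resolution_looks_suspicious(width: int, height: int) -> bool:
    """True for display sizes typical of an unattended VM console."""
    if width <= 0 or height <= 0:
        return True                      # no usable display at all
    if (width, height) in LOW_RESOLUTIONS:
        return True
    return width * height < MIN_DESKTOP_PIXELS


def assess(process_names, resolution: Optional[Tuple[int, int]]) -> EnvironmentVerdict:
    """Combine both checks into one verdict; resolution may be None if unknown."""
    verdict = EnvironmentVerdict(tools_found=find_security_tools(process_names),
                                 resolution=resolution)
    if resolution is not None:
        verdict.resolution_suspicious = resolution_looks_suspicious(*resolution)
    return verdict


# --- live collectors: only used when run directly; the checks above are pure ---
def running_process_names() -> List[str]:
    """Process names via `ps` (macOS/Linux) or `tasklist` (Windows)."""
    if platform.system() == "Windows":
        out = subprocess.run(["tasklist", "/fo", "csv", "/nh"],
                             capture_output=True, text=True, check=False)
        return [line.split('","')[0].strip('"')
                for line in out.stdout.splitlines() if line.strip()]
    out = subprocess.run(["ps", "axo", "comm="],
                         capture_output=True, text=True, check=False)
    return [line.strip() for line in out.stdout.splitlines() if line.strip()]


def current_resolution() -> Optional[Tuple[int, int]]:
    """Primary display size on Windows via GetSystemMetrics; None elsewhere."""
    if platform.system() != "Windows":
        return None
    import ctypes
    user32 = ctypes.windll.user32
    return user32.GetSystemMetrics(0), user32.GetSystemMetrics(1)


if __name__ == "__main__":
    v = assess(running_process_names(), current_resolution())
    print(f"tools={v.tools_found} resolution={v.resolution} "
          f"analysis_box={v.looks_like_analysis_box}")
```

The defender-side reading is the mirror image of each check: an analysis VM should present a common desktop resolution rather than a console default, and the process names of tools that must run on the box are visible to any sample that lists processes, so they are worth renaming or hiding in the sandbox image.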

Miscreant Hackers Co-Opt CAPTCHAs

Image Courtesy of Microsoft Security

In a masquerade and redirection ploy typically utilized by land, sea (surface and submersible), air and (highly likely) space warfare professionals, comes word of the same tactic targeting civilian users of our co…

Understanding the Payload-Less Email Attacks Evading Your Security Team

Business email compromise (BEC) attacks make up a small percentage of email attacks, but account for a disproportionate share of the financial risk.

[SANS ISC] Malicious Excel With a Strong Obfuscation and Sandbox Evasion

I published the following diary on isc.sans.edu: “Malicious Excel With a Strong Obfuscation and Sandbox Evasion”: For a few weeks, we have been seeing a bunch of Excel documents spreading in the wild with Macro V4. But VBA macros remain a classic way to drop the next stage of the attack on the



The Threat in the Cloud: Phishing Abuses Amazon AWS S3 Buckets

An ongoing campaign is hosting its phishing landing pages on enterprise-class public cloud storage services, a nascent trend meant to throw defenders off.